package com.lucky.adminserver.conf;

/**
 * @Description
 * @Author haijun.zhang@luckincoffee.com
 * @Date 2018-09-10 9:36
 **/

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 以下代码来自于官方文档
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 配置登录界面
        http.formLogin().loginPage("/login.html").loginProcessingUrl("/login").permitAll();
        // 配置登出界面
        http.logout().logoutUrl("/logout");
        // The ui currently doesn't support csrf
        http.csrf().disable();

        // 页面以及静态资源css\img
        http.authorizeRequests()
                .antMatchers("/login.html", "/**/*.css", "/img/**", "/third-party/**")
                .permitAll();
        //除了上述意外的资源访问需要权限认证，即加上authenticated()方法。
        http.authorizeRequests().antMatchers("/**").authenticated();

        // Enable so that the clients can authenticate via HTTP basic for registering
        http.httpBasic();
    }
}